mirrors/nix-darwin
mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-05 08:17:01 +00:00
Code Activity

users: assert that programs.<shell>.enable = true; for users' shells

Browse source 
Backport of https://github.com/NixOS/nixpkgs/pull/211603 and 093f354a17
This commit is contained in:
Michael Hoang 2024-11-11 00:08:42 +11:00
parent c2c88ae983
commit 5eb88645f7
2 changed files with 36 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
modules/users/default.nix
View file

@ -2,8 +2,8 @@
let let
inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg
escapeShellArgs filter filterAttrs mapAttrs' mapAttrsToList mkAfter escapeShellArgs filter filterAttrs flatten flip mapAttrs' mapAttrsToList
mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals mkAfter mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals
optionalString types; optionalString types;
cfg = config.users; cfg = config.users;
@ -105,7 +105,29 @@ in
assertion = !builtins.elem "root" deletedUsers; assertion = !builtins.elem "root" deletedUsers;
message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it."; message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it.";
} }
]; ] ++ flatten (flip mapAttrsToList cfg.users (name: user:
map (shell: {
assertion = let
s = user.shell.pname or null;
in
!user.ignoreShellProgramCheck -> (s == shell || (shell == "bash" && s == "bash-interactive")) -> (config.programs.${shell}.enable == true);
message = ''
users.users.${user.name}.shell is set to ${shell}, but
programs.${shell}.enable is not true. This will cause the ${shell}
shell to lack the basic Nix directories in its PATH and might make
logging in as that user impossible. You can fix it with:
programs.${shell}.enable = true;
If you know what you're doing and you are fine with the behavior,
set users.users.${user.name}.ignoreShellProgramCheck = true;
instead.
'';
}) [
"bash"
"fish"
"zsh"
]
));
users.gids = mkMerge gids; users.gids = mkMerge gids;
users.uids = mkMerge uids; users.uids = mkMerge uids;

11
modules/users/user.nix
View file

@ -84,6 +84,17 @@
''; '';
}; };
ignoreShellProgramCheck = mkOption {
type = types.bool;
default = false;
description = ''
By default, nix-darwin will check that programs.SHELL.enable is set to
true if the user has a custom shell specified. If that behavior isn't
required and there are custom overrides in place to make sure that the
shell is functional, set this to true.
'';
};
packages = mkOption { packages = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = []; default = [];